Monday 13 July 2009

News of the World phone hacking: how did they do that?

The media was abuzz last week with allegations that investigators working for the News of the World 'hacked' mobile phones belonging to scores of public figures.

How did they actually do it? Graham Cluley, Sophos guesses that they simply accessed the voicemail boxes of the phones concerned. This could be done by a little social engineering. Simply contact the phone provider claiming to be the individual concerned, with a little 'personal' information to convince them. Even easier, try the default PIN code - many people don't change it.

Some suggestions to stop this happening to you:
  • Change your mobile phone PIN code from the default to something only you know.
  • Keep your private personally identifiable information (things like your mother's maiden name) secret. That's difficult to do I know...
  • Do you really want voicemail anyway? Many people find it frustating - often a text is more useful. In that case, just disable it.
On a broader point - mobile phones are one important function which most corporations have already outsourced. Remember the News of the World story when considering outsourcing other services to cloud providers. Obviously similar risks could exist on in house systems, but such problems are easier to fix if in house.

Finally, read confessions of a tabloid hack for a revealing insight into the illegal activities of the press.
Reblog this post [with Zemanta]

No comments: